Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Akio6309
Explorer

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

I have an old Check Point 4600 that we used for a site that was decommissioned.  I would like to use it for an internal lab environment.  I was able to reset the appliance because it was so old that no one knew the password.  But now when I try to access the management via Ethernet on port 8/MGMT and https://192.168.1.1, I get an error message ERR_SSL_VERSION_OR_CIPHER_MISMATCH.  When I try to access via SSH the default Username/Password admin/admin does not work.  I tried adding support for TLS 1.0, 1.1, 1.2 and 1.3 under Internet Options, and relaunched Chrome but I still get the error message ERR_SSL_VERSION_OR_CIPHER_MISMATCH.  Any suggestions?  Thank you.  

0 Kudos
12 Replies
PhoneBoy
Admin
Admin

Sounds like that 4600 is running a version so old that it does not support modern browsers.
Given that you also don't know the admin password, your best bet is to reimage the appliance from a USB drive.

The 4600 is officially End of Life as is the latest version of software supported on it (R80.40).
You can download an ISO of R80.40 from here: https://support.checkpoint.com/results/sk/sk160736
You need to "burn" the ISO to a USB thumb drive using Isomorphic: https://support.checkpoint.com/results/sk/sk65205 

Boot the appliance off the USB drive and use the console connection to complete the reimaging process.

0 Kudos
emmap
Employee
Employee

You may find that the version that it reset back to is so old that the SSL it's using won't work in a modern browser. It's out of support hardware now but it will still run R80.40 if you build a USB key with ISOMorphic and install it on there.

0 Kudos
the_rock
Legend
Legend

I know in the old days you could overcome web UI issue by pressing windows + R and then typing iexplore, which would let you open old IE browser, but thats not an option any longer, it simply pulls up Edge. For ssh, I know few times I had to edit etc/ssh/sshd_config file and search for PasswordAuth and change it to yes in all the places.

Andy

0 Kudos
Akio6309
Explorer

I'm right there with you Andy.  I have an old laptop with Windows 8.1 that I used for logging into consoles because it has the serial port on the back that works with the Cisco Console cables.  I am thinking about bringing it to work.  I'm having a hard time finding a USB drive to do this reimage.  

I fear that after all of that I will only find out the default password will not work and I will still have to the the reimage.  I'll let you know what happens.  

Robert

0 Kudos
the_rock
Legend
Legend

Let us know...if I find away to fire up old IE browser, will let you know 🙂

Andy

0 Kudos
the_rock
Legend
Legend

K, found it, gotta love reddit haha

Try this, see if web UI works:

Click Start -> search "Internet Options" (or go to control panel and open Internet option) -> go to "Programs" tab -> click "Manage add-ons" -> Click "Learn more about toolbars and extensions" at the bottom. It opens Internet Explorer.

https://www.reddit.com/r/Windows11/comments/vdv9nj/easiest_way_to_open_internet_explorer_on_windows/...

Andy

0 Kudos
Akio6309
Explorer

You sir, are a veritable genius.  It worked.  I was able to connect to it now.  However it is giving me a blank screen.  I clicked on More Information.  Then I clicked on Go on to the webpage (not recommended).  It gave me a small box in the center and I clicked on something I can't remember what it was and then it gave me the blank webpage.  Even if I exit out of the browser and click on Learn more it keeps giving me the blank webpage.  I so want to continue working on this but today is my birthday and I have to get going.  

Robert

0 Kudos
the_rock
Legend
Legend

Happy birthday 🎉🎉

I wish I was a genius lol. Anyway, one way to get around blank screen might be if you open IE security settings and disable all ssl/tls options and then try again.

Andy

0 Kudos
the_rock
Legend
Legend

I was referring to below, just disable all of them and see if that helps.

Andy

 

Screenshot_1.png

0 Kudos
JozkoMrkvicka
Authority
Authority

You can use some very old Firefox portable version from 2010 year or so.

Kind regards,
Jozko Mrkvicka
0 Kudos
the_rock
Legend
Legend

Yea, that may work too.

Andy

0 Kudos
George_Casper
Collaborator

At your own risk and be sure to change it back immediately.  

Use Firefox

Type in the address bar:  About:config

Find and change security.tls.version.enable-deprecated to True.

You will still get the warning about the site not being secure but will be able to continue past it.

Again, change it back to False immediately

 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events